List: full-disclosure
Subject: [FD] [Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Vers
From: Valentin Lobstein via Fulldisclosure <fulldisclosure () seclists ! org>
Date: 2024-03-13 8:02:42
Message-ID: zH1CXaVxM-w4a1e6OxS4YaWq7t7npJmqbLo_GfXPH88RWsKICMsS9dBiNL_ecFTIY5Db8FuCGEoGrqc8c3fuHlJU87D0QpBpt7XOrhoXxuM= () protonmail ! com
CVE ID: CVE-2024-25228
Title: Authenticated Command Injection Vulnerability in ManoeuvreHandler.class.php of Vinchin Backup & Recovery Versions 7.2 and Earlier
Description:
A critical security vulnerability has been discovered in the `getVerifydiyResult` function within the `ManoeuvreHandler.class.php` file of Vinchin Backup & Recovery software, affecting versions 7.2 and earlier. This function, intended for validating IP addresses or web resources, is vulnerable to authenticated command injection due to insufficient input validation and sanitization.
Function Analysis:
- The function accepts an input array `$params`, focusing on the `type` and `value` keys.
- Based on the `type`, it attempts to validate the input using either `verifyPing` (for IP addresses) or `verifyWeb` (for web resources).
- The vulnerability lies in the `verifyPing` method, where the user-supplied `value` is placed into a `ping` command string that is passed to PHP's `exec` function without validation or sanitization. Because `exec` runs its argument through the system shell, shell metacharacters in `value` are interpreted rather than treated as part of the host to ping.
Exploitation Risk:
Authenticated attackers can exploit this vulnerability by injecting shell commands into the `value` parameter. When processed by the vulnerable function, these commands are executed on the server with the privileges of the account running the web application, leading to unauthorized access or control of the backup server.
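To make the flaw described in the function analysis and the exploitation risk concrete, the following PHP is an added example written for this page. It is not Vinchin's code: it reconstructs the pattern the advisory describes (a user-controlled `value` concatenated into a `ping` command handed to `exec`) and places a hardened version beside it. The function bodies, the `-c`/`-W` flags, the exception type and the sample inputs are all assumptions made for the demonstration.

```php
<?php
// Added example, not Vinchin's code. Reconstructs the vulnerable pattern the
// advisory describes and contrasts it with a hardened implementation.
// Assumptions: function bodies, ping flags, exception type, sample inputs.

declare(strict_types=1);

// Vulnerable pattern: $value is interpolated straight into the shell command.
// exec() runs the string through /bin/sh -c, so a constructed value such as
// "127.0.0.1; id" is parsed as two commands and "id" runs as the web server user.
function verifyPingVulnerable(string $value): array
{
    $output = [];
    $status = 0;
    exec("ping -c 1 " . $value, $output, $status);
    return ['status' => $status, 'output' => $output];
}

// Hardened version: accept only a syntactically valid IPv4/IPv6 address
// (allow-list validation), then still quote it with escapeshellarg() so it
// reaches ping as exactly one argument (defence in depth).
function verifyPingHardened(string $value): array
{
    $ip = filter_var($value, FILTER_VALIDATE_IP);
    if ($ip === false) {
        throw new InvalidArgumentException('value is not an IP address');
    }
    $output = [];
    $status = 0;
    exec('ping -c 1 -W 2 ' . escapeshellarg($ip), $output, $status);
    return ['status' => $status, 'output' => $output];
}

// Constructed sample inputs: the first is the intended use, the second
// carries a shell separator followed by a second command.
$samples = ['127.0.0.1', '127.0.0.1; id'];

foreach ($samples as $value) {
    // Show the exact string the vulnerable version would hand to the shell,
    // rather than executing it, so the injected command is visible but inert.
    printf("vulnerable would run: sh -c %s\n", var_export("ping -c 1 " . $value, true));

    try {
        $result = verifyPingHardened($value);
        printf("hardened: accepted %s, ping exit status %d\n", $value, $result['status']);
    } catch (InvalidArgumentException $e) {
        printf("hardened: rejected %s (%s)\n", var_export($value, true), $e->getMessage());
    }
}
```

Run it with `php example.php`; the first sample is pinged (exit status depends on whether `ping` is installed and the host answers), while the second is rejected by `filter_var` before any process is spawned. The ordering matters: validation against an allow-list is the control that removes the injection, and `escapeshellarg` only guards against mistakes in that validation.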
Current Status:
As of the latest available information, no patch has been released for this vulnerability in versions 7.2 and earlier of Vinchin Backup & Recovery. The vendor has not acknowledged the vulnerability.
Recommendation:
Users are advised to apply strict access controls to mitigate the risk posed by this vulnerability until an official patch is released: since exploitation requires an authenticated account, restricting access to the management interface to trusted networks and limiting the number of accounts that can reach it reduces exposure. Monitoring for any updates from Vinchin regarding this issue is also recommended.
Discoverer: Valentin Lobstein
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/